Never log into important sites in Windows...

I'd say this is more of a reason not to run an old verson of JRE - seems third party runtimes are becoming targeted more and more (Flash being another good example).

Won't stop me using Windows, and why would it?
 
Never log into important sites in inadequately secured Windows...
Click to expand...

*Fixed* ;)

Results of manually carrying out the malware's actions from a UAC enabled, Standard User account on Windows 7 :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Cannot edit EnableLua: Error writing the value's new contents.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
Cannot create key: You do not have the requisite permissions to create a new key under Certificates.

Copying plusdriver.sys and plusdriver64.sys to drivers folder
You'll need to provide administrator permission to copy to this folder drivers

aaa.bat fails to run because a Software Restriction Policy disallows program execution from anywhere other than Program Files / Windows folders. Plan B - Copy aaa.bat to either of the aforementioned folders and execute from there? Nope. No write permission for the copy due to Standard User / UAC.


Maybe Java applets interact with the system in such a way as to allow them to bypass Standard User / UAC / SRP ? I have not tested, so don't know. Maybe someone can shed some light on this.
 
JRE (Java Runtime Environment)

Please advise, I do not have any version of java installed on my machine, haven't had for around 4 years. I know IE9 has some form of javascript, but not java itself. Is this vulnerability present in IE9 directly, or only if I have installed java? Does it appear the script elements of IE9? What about FF4?
 
Hikari Kisugi said:
JRE (Java Runtime Environment)

Please advise, I do not have any version of java installed on my machine, haven't had for around 4 years. I know IE9 has some form of javascript, but not java itself. Is this vulnerability present in IE9 directly, or only if I have installed java? Does it appear the script elements of IE9? What about FF4?
Click to expand...

JavaScript is NOT Java. Two completely different things. This vulnerability seems to be present in an old version of JRE (although they don't seem to give details on what version).
 
OMG You can get viruses in windows?!!!11 :eek:

I feel betrayed :( I'm never logging into anything again. EVER.

If only I'd bought a Mac and convinced my office to switch to linux everything would be alright now :( This will be my last post until I've sorted my sorry state of computer affairs out, dekez signing off.
 
The attack was made using a malicious applet in such a way as to infect users running old versions of the JRE (Java Runtime Environment)
Click to expand...

seems more of a java bug win anything to do with windows... doesnt suprise me after the flash exploit alowing flash content to be infected with trojans
 
arknor said:
seems more of a java bug win anything to do with windows... doesnt suprise me after the flash exploit alowing flash content to be infected with trojans
Click to expand...

indeed.

Just update Java and you'll be fine. You should be making sure that all software is up-to-date anyway.
 
You must log in or register to reply here.
Back
Top Bottom